"Exploit checker released with this article requires JAVA to be installed on the computer.... but we already deleted Java per recommendations of exploitable flaws"...

Why has this taken so long to be made so public is it because so much tech is now connectable using UPnP, everything from phones to smart TV's (Oh no, has google been tracking what TV programs I watch ) use it as most people are not going to be port forwarding their routers to allow these devices internet access.

From what I have been reading on this subject IT Admins never allow UPnP anyway as they are obviously aware of the vulnerability so it's mainly home users and the ports UPnP uses (UDP port 1900 and TCP port 2869) are not common ports which you would have open to the internet anyway.

With so many machines seemingly vulnerable why has this exploit not been used more or have people just not realized that it has been used? Surely if it was so easy to access a machine via UPnP then hackers would use this method rather than trying to get malware on PC's which can then often open ports and allow access?

The fact that UPnP remains active even when apparently disabled in some routers is a concern so might be worth doing a port check at "Shields Up" to confirm that the ports are closed after being disabled in your router.

Strange, any mention of peoples privacy/info having been compromised by the likes of google, accidentaly or intentionally, and the stuff hits the fan but when a truly dangerous exploit/vulnerabilty is proven to exist in tens of million of PC's/routers hardly anyone has anything to say on the matter, guess we all need a big "evil" name to blame these days